Merge pull request #172 from matrix-org/update-readme-for-setup

chore: Update README with new setup instructions

README.md

@@ -111,7 +111,7 @@ specifies one or more homeservers for pantalaimon to connect to.
 A minimal pantalaimon configuration looks like this:
 ```dosini
 [local-matrix]
-Homeserver = https://localhost:8448
+Homeserver = https://localhost:443
 ListenAddress = localhost
 ListenPort = 8009
 ```
@@ -140,3 +140,40 @@ To control the daemon an interactive utility is provided in the form of
 `panctl` can be used to verify, blacklist or ignore devices, import or export
 session keys, or to introspect devices of users that we share encrypted rooms
 with.
+
+### Setup
+This is all coming from an excellent comment that you can find [here](https://github.com/matrix-org/pantalaimon/issues/154#issuecomment-1951591191).
+
+
+
+1) Ensure you have an OS keyring installed. In my case I installed gnome-keyring. You may also want a GUI like seahorse to inspect the keyring. (pantalaimon will work without a keyring but your client will have to log in with the password every time pantalaimon is restarted, instead of being able to reuse the access token from the previous successful login.)
+
+2) In case you have prior attempts, clean the slate by deleting the ~/.local/share/pantalaimon directory.
+
+3) Start pantalaimon.
+
+4) Connect a client to the ListenAddress:ListenPort you specified in pantalaimon.conf, eg to 127.0.0.1:8009, using the same username and password you would've used to login to your homeserver directly.
+
+5) The login should succeed, but at this point all encrypted messages will fail to decrypt. This is fine.
+
+6) Start another client that you were already using for your encrypted chats previously. In my case this was app.element.io, so the rest of the steps here assume that.
+
+7) Run panctl. At the prompt, run start-verification <user ID> <user ID> <Element's device ID>. <user ID> here is the full user ID like @arnavion:arnavion.dev. If you only have the one Element session, panctl will show you the device ID as an autocomplete hint so you don't have to look it up. If you do need to look it up, go to Element -> profile icon -> All Settings -> Sessions, expand the "Current session" item, and the "Session ID" is the device ID.
+
+8) In Element you will see a popup "Incoming Verification Request". Click "Continue". It will change to a popup containing some emojis, and panctl will print the same emojis. Click the "They match" button. It will now change to a popup like "Waiting for other client to confirm..."
+
+9) In panctl, run confirm-verification <user ID> <user ID> <Element's device ID>, ie the same command as before but with confirm-verification instead of start-verification.
+
+10) At this point, if you look at all your sessions in Element (profile icon -> All Settings -> Sessions), you should see "pantalaimon" in the "Other sessions" list as a "Verified" session.
+
+11) Export the E2E room keys that Element was using via profile icon -> Security & Privacy -> Export E2E room keys. Pick any password and then save the file to some path.
+
+12) Back in panctl, run import-keys <user ID> <path of file> <password you used to encrypt the file>. After a few seconds, in the output of pantalaimon, you should see a log like INFO: pantalaimon: Successfully imported keys for <user ID> from <path of file>
+
+13) Close and restart the client you had used in step 5, ie the one you want to connect to pantalaimon. Now, finally, you should be able to see the encrypted chats be decrypted.
+
+14) Delete the E2E room keys backup file from step 12. You don't need it any more.
+
+15) If in step 11 you had other unverified sessions from pantalaimon from your prior attempts, you can sign out of them too.
+
+You will probably have to repeat steps 12-15 any time you start a new encrypted chat in Element.